General
Target
13710a80fa3a8021b7c2b59f35245c1f97dd611eca1c7ee3f206f73ffb591ba9
Size
4.1MB
Sample
241113-sah7astfme
MD5
1b848f6e02b0a83ac0ed67bf1648b95c
SHA1
08ea3467e28c3ae6cc6a2ce8db8b5c6cb5d60925
SHA256
13710a80fa3a8021b7c2b59f35245c1f97dd611eca1c7ee3f206f73ffb591ba9
SHA512
8be22d5a3ece4343b2b3c3eab990cd831f9a12793531b2508af06b4c659611e3ef6ae3eed4b6bbc998237894495bebdf017da06a66d32c6ba1a6648fc59d0a63
SSDEEP
49152:5CwsbCANnKXferL7Vwe/Gg0P+WhUDmn2JG2kcL1HlgYr5gW+oPZb16:0ws2ANnKXOaeOgmhUDmn2Tl5Fm
Static task
static1
Behavioral task
behavioral1
Sample
13710a80fa3a8021b7c2b59f35245c1f97dd611eca1c7ee3f206f73ffb591ba9.exe
Resource
win7-20241023-en
Malware Config
Targets
Target
13710a80fa3a8021b7c2b59f35245c1f97dd611eca1c7ee3f206f73ffb591ba9
Gh0st RAT payload
Gh0strat family
Purplefox family
Drops file in Drivers directory
Server Software Component: Terminal Services DLL
Sets service image path in registry
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Server Software Component (1)
    Terminal Services DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)